fix(python): regex injection not working for concatenated strings (#8197)

Co-authored-by: Riley Bruins <ribru17@hotmail.com>
This commit is contained in:
Lev Velykoivanenko 2025-10-26 17:25:42 +01:00 committed by GitHub
parent 98fe644cb3
commit c53bb10a71
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 83 additions and 3 deletions

View file

@ -0,0 +1,19 @@
import re
re_test = re.compile(r"^(?P<year>\d{4}) (?P<day>\d) \w\s{,3}$")
# ^ @string.regexp
re_test = re.compile(
# comment
# ^ @comment
r"^(?P<year>\d{4}){1}"
# ^ @string.regexp
# comment
# ^ @comment
r"(?P<day>\d) \w\s{,3}"
# ^ @string.regexp
# comment
# ^ @comment
)
# interpolation
print("foo %s bar %d" % ("arg1", 2))
# ^ @character

View file

@ -0,0 +1,11 @@
# split
# ^ @comment
assert_eq('foo bar'.split(' '), ['foo', 'bar'])
# ^ @keyword
# ^ @punctuation.bracket
# ^ @string
# ^ @punctuation.delimiter
assert_eq('foo bar foo'.rsplit(' ', 1), ['foo bar', 'foo'])
# ^ @number
assert_eq("foo %s bar %d" % ("arg1", 2), "foo arg1 bar 2")
# ^ @character

View file

@ -0,0 +1,18 @@
import re
re_test = re.compile(r"^(?P<year>\d{4}) (?P<day>\d) \w\s{,3}$")
# ^ @regex
re_test = re.compile(
# comment
# ^ @comment
r"^(?P<year>\d{4}) "
# comment
# ^ @comment
r"(?P<day>\d) \w\s{,3}$"
# ^ @regex
# comment
# comment
# ^ @comment
)
print("foo %s bar %d" % ("arg1", 2))
# ^ @printf

View file

@ -0,0 +1,5 @@
# split
# ^ @comment
assert_eq('foo bar'.split(' '), ['foo', 'bar'])
assert_eq("foo %s bar %d" % ("arg1", 2), "foo arg1 bar 2")
# ^ @printf